By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,509 Members | 1,301 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,509 IT Pros & Developers. It's quick & easy.

FormsAuthentication Cookie Q

P: n/a
When you call FormsAuthentication.SignOut(), is the FormsAuthentication
cookie supposed to be destroyed automatically?

I'm creating my FormsAuthentication cookie by doing:
HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

where sTicket is an encrypted FormsAuthenticationTicket. When I create the
FormsAuthenticationTicket, I set its isPersistent property to false.

I set the Expires property of my cookie to now + 2 hours.

When I log out and call FormsAuthentication.SignOut(), my
FormsAuthentication cookie is still sitting there in my cookies folder, even
if I do:

Response.Cookies.Remove(FormsAuthentication.FormsC ookieName);
Nov 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Dear insomiacs, I noticed something weird.

FormsAuthenticationTicket oAuthTicket = new FormsAuthenticationTicket(1,
sUserName, DateTime.Now, DateTime.Now.AddHours(4)false, sGroups);

// Encrypt the FormsAuthenticationTicket

string sTicket = FormsAuthentication.Encrypt(oAuthTicket);

// Create the auth cookie for the User

HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

// oCookie.Expires = DateTime.Now.AddHours(4);

I noticed that when I commented out the last line above (since the
expiration is already set in the oAuthTicket creation, I no longer see the
cookie being created on my hard drive ... weird

"George Durzi" <gdurzi@nospam_hotmail.com> wrote in message
news:O3**************@tk2msftngp13.phx.gbl...
When you call FormsAuthentication.SignOut(), is the FormsAuthentication
cookie supposed to be destroyed automatically?

I'm creating my FormsAuthentication cookie by doing:
HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

where sTicket is an encrypted FormsAuthenticationTicket. When I create the
FormsAuthenticationTicket, I set its isPersistent property to false.

I set the Expires property of my cookie to now + 2 hours.

When I log out and call FormsAuthentication.SignOut(), my
FormsAuthentication cookie is still sitting there in my cookies folder, even if I do:

Response.Cookies.Remove(FormsAuthentication.FormsC ookieName);

Nov 17 '05 #2

P: n/a
Found the workaround. Problem was I needed to destroy the
FormsAuthentication cookie when the user logged out, or closed the browser.
(found out that I couldn't call remove, I had to set the Expires property of
the cookie to a day in the past).

The problem is, Session_End is the only place I can think of to destroy the
cookie when the user closes the browser, but I can't get that to run.

The only think I found that works, is to not manually set the Expires
property of the cookie when first creating it. LEt all that info stay in the
FormsAUthenticationTicket.

enough with all these weirdnesses already :(

"George Durzi" <gdurzi@nospam_hotmail.com> wrote in message
news:uZ*************@TK2MSFTNGP10.phx.gbl...
Dear insomiacs, I noticed something weird.

FormsAuthenticationTicket oAuthTicket = new FormsAuthenticationTicket(1,
sUserName, DateTime.Now, DateTime.Now.AddHours(4)false, sGroups);

// Encrypt the FormsAuthenticationTicket

string sTicket = FormsAuthentication.Encrypt(oAuthTicket);

// Create the auth cookie for the User

HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

// oCookie.Expires = DateTime.Now.AddHours(4);

I noticed that when I commented out the last line above (since the
expiration is already set in the oAuthTicket creation, I no longer see the
cookie being created on my hard drive ... weird

"George Durzi" <gdurzi@nospam_hotmail.com> wrote in message
news:O3**************@tk2msftngp13.phx.gbl...
When you call FormsAuthentication.SignOut(), is the FormsAuthentication
cookie supposed to be destroyed automatically?

I'm creating my FormsAuthentication cookie by doing:
HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

where sTicket is an encrypted FormsAuthenticationTicket. When I create the FormsAuthenticationTicket, I set its isPersistent property to false.

I set the Expires property of my cookie to now + 2 hours.

When I log out and call FormsAuthentication.SignOut(), my
FormsAuthentication cookie is still sitting there in my cookies folder,

even
if I do:

Response.Cookies.Remove(FormsAuthentication.FormsC ookieName);


Nov 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.